Granting an access to a computer-based object

ABSTRACT

In order to grant an access to a computer-based object, a memory card having a program code processor is provided, on which at least one public and private key assigned to the memory card are stored. In addition, an item of license information is provided, which comprises at least one license code encrypted by means of the public key assigned to the memory card, on a computing device which controls the access to the computer-based object.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is the US National Stage of International Application No. PCT/EP2004/052243, filed Sep. 20, 2004, and claims the benefit thereof. The International Application claims the benefit of German application No. 10345527.2, filed Sep. 30, 2003; both applications are incorporated by reference herein in their entirety.

FIELD OF THE INVENTION

The present invention relates to a method for granting an access to a computer-based object and to a control program for performing the method.

BACKGROUND OF THE INVENTION

Immense damage is caused worldwide as a result of the unauthorized use of computer programs. Solutions designed to protect computer programs against unauthorized use have been developed in order to counter this problem.

Transmitting encrypted information in order to activate a computer program serves to prevent unauthorized replications of the computer program. Moreover, corresponding methods serve for example as a technical precondition for selling computer programs as products via e-commerce. With previously known methods for activating computer programs, each computer program is enabled (activated) with the aid of a unique registration key. In order to activate a computer program, the registration key which is permanently assigned to a computer program license is entered manually or loaded from a data medium. In particular with a plurality of computer programs installed on different computers, this results in a high administration overhead which is associated with labor-intensive operating and maintenance tasks.

A method wherein predefinable functions of a computer program can be activated for a selectable period of use by modification of a registration key pair is known from EP 1 191 419 A2. The registration key pair has at least one part-information item that is locked against user accesses. The functions which are to be activated do not necessarily have to have been already available for an activation at the time of an initial installation of the computer program, but can also be selected and added at some later time. No deployment of operating and maintenance personnel is necessary at the location of the computer on which the particular computer program is installed in order to activate the functions.

Components of the registration key pair according to the method described in EP 1 191 419 A2 are application information and an application value. The application information is input at a first computer on which the computer program to be registered is installed or, alternatively, is generated by the first computer. The application value is calculated from the application information by means of coding in a second computer.

For a registration of a computer program or a change to the registration, first application information comprising at least one partial information element that is locked against user accesses is transmitted to the second computer. In the second computer, an application value is calculated from the first application information and subsequently transmitted to the first computer. In the first computer, second application information is determined from the application value by means of decoding. At the start of an execution of the computer program, the first and the second application information are checked to determine whether they match. Predefinable functions of the computer program are activated as a function of the differences resulting during the check.

SUMMARY OF THE INVENTION

The object of the present invention is to specify a method which affords increased protection against unauthorized use of resources provided in a computing device, as well as an implementation suitable for automated execution of the method.

This object is achieved according to the invention by a method and a control program having the features recited in the claims. Advantageous embodiments of the present invention are set forth in the dependent claims.

According to the invention, increased protection against unauthorized use of resources provided in a computing device results from the provisioning of a memory card having a program code processor and an item of license information as a precondition for granting an access to a computer-based object. At least one public and private key assigned to the memory card are stored on the memory card. The license information includes at least one license code encrypted by means of the public key assigned to the memory card and is provided on a computing device controlling the access to the computer-based object.

According to the invention, a symmetric key is generated from a first random number generated by the memory card and from a second random number provided by the computing device, said symmetric key being made accessible to the memory card and the computing device. The encrypted license code and a specification, provided with a hash value encrypted using the symmetric key, of a function to be performed by the memory card in order to decrypt the license code are transmitted to the memory card. The encrypted hash value is decrypted by the memory card and checked for agreement with a hash value computed for the specification of the function to be performed by the memory card. If the result of the check is positive, the function for decrypting the license code is executed by the memory card and the decrypted license code is transmitted to the computing device. The decrypted license code is then provided at least temporarily for accessing the computer-based object.

Without in any way limiting the generality of the term, computing device should be understood as meaning, for example, PCs, notebooks, servers, PDAs, mobile telephones, automated teller machines, control modules used in automation technology, automotive engineering, communications technology or medical engineering, in general any device in which computer programs can execute. Furthermore, computer-based objects are, for example, without in any way limiting the generality of this term, operating systems, control or application programs, services provided by operating systems, control or application programs, service features, functions or procedures, access rights to peripheral devices, as well as data residing on a storage medium.

According to an advantageous development of the present invention, the public key of a trusted party which issues the license information is provided, protected against manipulation, at the computing device. In addition, the license information is digitally signed by means of a private key of the trusted party. The digital signature of the license information can therefore be checked in the computing device with the aid of the public key of the trusted party. In this way a trusted and secure transmission of the license information to the computing device can be guaranteed.

The decrypted license code can be provided with a hash value that is encrypted using the symmetric key. The encrypted hash value of the decrypted license code can then be decrypted in the computing device and checked for agreement with a hash value computed for the decrypted license code. This offers the advantage that it is ensured that the license code has actually been decrypted using the memory card provided for the decryption.

Preferably the symmetric key is valid for one access-granting transaction only and is regenerated for each new access request. This contributes toward a further increase in security against attempts at manipulation.

Advantageously the license information additionally comprises the public key assigned to the memory card. In addition, the first random number is transmitted, digitally signed by means of the private key assigned to the memory card, to the computing device. The digital signature of the first random number is then checked in the computing device with the aid of the public key assigned to the memory card. The second random number is encrypted by means of the public key of the memory card and transmitted to the memory card, where it is decrypted. This development offers the advantage of a secure transmission of the first and second random number for generating the symmetric key.

According to a further advantageous embodiment of the present invention, the encrypted license code and the specification, provided with the encrypted hash value, of the function to be executed by the memory card are transmitted via a secure communications link from the computing device via a reading device to the memory card. In this way possibilities of manipulation in order to obtain unauthorized access to the computer-based object are restricted further.

Advantageously, a third random number is generated by the memory card and transmitted to the computing device. A hash value, which is encrypted by means of the symmetric key and the third random number, can then be computed by the computing device for the specification of the function to be executed by the memory card and transmitted in encrypted form to the memory card. Finally, the hash value encrypted by means of the symmetric key and the third random number is decrypted by the memory card and checked for agreement with a hash value computed for the specification of the function to be executed by the memory card. By this means an effective protection against repetition (replay) is produced, with the result that an interception of signals exchanged between the memory card and the computing device does not open up any effective possibilities for manipulation. Furthermore, this embodiment offers the advantage that available secure messaging methods can be used for transmission of a corresponding function call for the purpose of decrypting the license code.

In order to guarantee a protection against repetition with regard to a transmission of the decrypted license code to the computing device, according to a further embodiment a fourth random number is generated in the computing device and transmitted to the memory card. A hash value, which is encrypted by means of the symmetric key and the fourth random number, is then computed for the decrypted license code by the memory card and transmitted in encrypted form to the computing device. The hash value encrypted by means of the symmetric key and the fourth random number can subsequently be decrypted in the computing device and checked for agreement with a hash value computed for the decrypted license code.

According to a preferred embodiment of the present invention, the decrypted license code and a check process sequence are aligned with a respective reference specification for the purpose of granting access to the computer-based object. This offers additional security, since the presence of the decrypted license code is no longer sufficient on its own for authorizing an access, but is tied to a successful check process sequence.

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention is explained in more detail below on the basis of an exemplary embodiment and with reference to the drawing.

The FIGURE shows a schematic representation of an application environment of the present invention comprising an exchange of information and messages between a trusted party, a computing device controlling the access to a computer-based object, and a memory card with program code processor.

DETAILED DESCRIPTION OF THE INVENTION

The application environment of the present invention represented in the FIGURE comprises a trusted party 10, a computer 20, and a smartcard terminal 30 which is connected to the computer 20 and into which a smartcard 40 can be introduced. The trusted party 10 may be assigned, for example, to a manufacturer of a software product that is to be protected against unauthorized access and takes responsibility for managing licenses and key material assigned to smartcards. Also assigned to the trusted party 10 is an asymmetric key pair 11 which comprises a private and a public key. For the purpose of storing the key material assigned to smartcards there is provided a database 12 which contains public keys of smartcards that are to be shipped or have already been shipped.

System resources 22, comprising for example programs or memory areas containing data, are made available to one or more users by the computer 20. The method described here for granting an access to a computer-based object is basically applicable to any system resources. The computer 20 controls in particular an access to the system resources 22, which in the present case also comprise software of the manufacturer to which the trusted party 10 is assigned. Furthermore the public key 21 of the trusted party 10 is provided, protected against manipulation, at the computer 20.

The smartcard terminal 30 is connected to the computer 20 via a secure communications link. The smartcard terminal 30 is used for exchanging information and messages between the computer 20 and a smartcard 40 which can be introduced into the smartcard terminal 30 and represents a memory card having a program code processor. Stored on the smartcard 40 is an asymmetric key pair 41 which is assigned to the smartcard 40 and which comprises a public and a private key of the smartcard 40. Also provided on the smartcard 40 is at least one program for encrypting and decrypting using the asymmetric key pair 41 of the smartcard 40. In addition, the smartcard 40 has a random number generator and is preferably compliant with ISO 7816-8.

An item of license information 1 generated by the trusted party 10 is provided at the computer 20. Said license information 1 comprises a license code (enc_SC(licencecode)), encrypted by means of the public key assigned to the smartcard 40, and the public key (pub_SC) assigned to the smartcard 40. In addition, the license information 1 is digitally signed (sig_TP) by means of the private key of the trusted party 10, so that the digital signature of the license information 1 can be checked in the computer 20 with the aid of the public key 21 of the trusted party 10.

For the purpose of generating a symmetric key (K) 24, 43 which is valid for one access-granting transaction only and is to be regenerated for each new access request, the smartcard 40 is first requested to generate a first random number (rand1) by means of a request message 2a (GetChallenge) of the computer 20. Following generation of the first random number by the smartcard 40, the request message 2a is answered by transmission of a result message 2b (rand1) containing the first random number. Depending on the security requirement, the first random number can also be transmitted, digitally signed by means of the private key of the smartcard 40, to the computer 20 and verified there.

Following reception of the first random number, the computer 20 generates a second random number (rand2) and transmits the latter using secure messaging by means of a Mutual-Authenticate command 3a (SM_enc_SC(MutAuth( ))), encrypted by means of the public key of the smartcard 40, to the smartcard 40. The Mutual-Authenticate command 3a comprises the second random number as well as a message authentication code (MAC_S) formed for the first random number using a further symmetric key (S) 23, 42. Said further symmetric key 23, 42 is stored both in the computer 20 and on the smartcard 40, serves for a mutual authentication between the computer 20 and the smartcard 40, and does not necessarily have to be kept secret. In addition to the first random number, the message authentication code formed for the first random number includes a hash value formed for the first random number and encrypted by means of the further symmetric key 23, 42.

In order to confirm a successful decryption of the Mutual-Authenticate command and check of the message authentication code, and hence the reception of the second random number, an acknowledgement message 3b is transmitted to the computer 20. In this way it is ensured that the first and second random numbers are present both in the computer 20 and on the smartcard 40 for the purpose of generating the symmetric key 24, 43. The symmetric key is then generated in the computer 20 and on the smartcard 40 independently of each other. The symmetric key 24, 43 is thus available both in the computer 20 and on the smartcard 40 at least for the duration of an access-granting transaction. The generation of the symmetric key 24, 43 creates a basis for subsequently transmitting to the smartcard 40, using secure messaging, a function call for the purpose of decrypting the license code (PSO_DEC: perform security operation, mode decrypt, applied to the license code encrypted by means of the public key of the smartcard 40).

Following this, the smartcard 40 is requested to generate a third random number (rand3) for the implementation of a protection against repetition by means of a request message 4a (GetChallenge) of the computer 20. After the third random number has been generated by the smartcard 40, the request message 4a is answered by transmission of a result message 4b (rand3) containing the third random number. Next, a fourth random number (rand4) is generated in the computer 20 and transmitted by means of a message 5a (GiveRandom) to the smartcard 40. The reception of the fourth random number is acknowledged by the smartcard 40 by means of an acknowledgement message 5b.

Following the acknowledged transmission of the fourth random number, a message 6a for decrypting the license code is transmitted by the computer 20 to the smartcard 40. As well as the encrypted license code, the message 6a for decrypting the license code includes a specification of a function for decryption of the license code that is to be executed by the smartcard 40. The specification of the function to be executed by the smartcard 40 is provided with a hash value which is encrypted by means of the symmetric key 24, 43 and the third random number. The hash value encrypted by means of the symmetric key 24, 43 and the third random number is subsequently decrypted by the smartcard 40 and checked for agreement with a hash value computed for the specification of the function that is to be executed by the smartcard 40.

If the result of the check is positive, the function for decrypting the license code is executed by the smartcard 40 and the decrypted license code is transmitted by means of a message 6b to the computer 20 using secure messaging. For the purpose of using secure messaging the smartcard 40 computes a hash value for the decrypted license code, said hash value being encrypted by means of the symmetric key 24, 43 and the fourth random number. This encrypted hash value is transmitted to the computer 20 together with the decrypted license code. There, the hash value is subsequently decrypted by means of the symmetric key 24, 43 and the fourth random number and checked for agreement with a hash value computed for the decrypted license code.

If the hash values are in agreement, the decrypted license code is provided at least temporarily for accessing the protected software or a computer-based object. In order to rule out possible attempts at manipulation, the decrypted license code and a check process sequence should be aligned with a respective reference specification before access is granted to the protected software. If the alignment is successful, access can then be granted.
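The exchange described in the summary (generation of K from rand1 and rand2, the hash-protected PSO_DEC call, the replay protection by rand3 and rand4) and in messages 2a through 6b above, modelled end to end as an added example that is not part of the patent. The patent fixes neither a hash function, a key derivation, a MAC construction nor an asymmetric scheme, so SHA-256, HMAC-SHA256 over the random number and the protected data, and textbook RSA over two known Mersenne primes are assumptions, as are all function and class names, the 8-byte random numbers, the literal license code and the rule that the card accepts each GetChallenge value only once. The RSA keys are demo-sized and insecure; the point is the message flow and the checks, including what happens when message 6a is replayed and when sig_TP on the license information is tampered with.

```python
"""Added model of the access-granting exchange (trusted party, computer 20,
smartcard 40), standard library only. Hash, KDF, MAC and asymmetric scheme
are assumptions (the patent fixes none); keys are demo-sized and insecure."""
import hashlib, hmac, secrets

SPEC = b"PSO_DEC"  # specification of the function the card is asked to run

def rsa_keypair(p, q, e=65537):
    """Textbook RSA from two known primes (constructed demo keys, not secure)."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def rsa_apply(key, x: int) -> int:
    """Encrypt, decrypt, sign and verify are all one modular exponentiation here."""
    return pow(x, key[1], key[0])
def digest_int(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n
def rsa_sign(priv, data: bytes) -> int:
    return rsa_apply(priv, digest_int(data, priv[0]))
def rsa_verify(pub, data: bytes, sig: int) -> bool:
    return rsa_apply(pub, sig) == digest_int(data, pub[0])

def derive_key(rand1: bytes, rand2: bytes) -> bytes:
    """Transaction key K from the card's rand1 and the host's rand2 (assumed KDF)."""
    return hashlib.sha256(b"K" + rand1 + rand2).digest()
def mac(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """The 'hash value encrypted with K and a random number', modelled as an HMAC."""
    return hmac.new(key, nonce + data, "sha256").digest()

def license_body(enc_code: int, pub_sc) -> bytes:
    return enc_code.to_bytes(16, "big") + repr(pub_sc).encode()

def issue_license(priv_tp, pub_sc, code: bytes):
    """Trusted party 10: enc_SC(licencecode) and pub_SC, signed with its private key."""
    enc_code = rsa_apply(pub_sc, int.from_bytes(code, "big"))
    return enc_code, pub_sc, rsa_sign(priv_tp, license_body(enc_code, pub_sc))

class SmartCard:
    """Smartcard 40: key pair 41, shared key S (42), RNG; ISO 7816-style commands."""
    def __init__(self, priv_sc, s_key: bytes):
        self.priv, self.s_key = priv_sc, s_key
        self.challenge = self.rand4 = self.k = self.last_6a = None

    def get_challenge(self) -> bytes:                           # 2a/2b and 4a/4b
        self.challenge = secrets.token_bytes(8)
        return self.challenge

    def mutual_authenticate(self, enc_rand2: int, mac_s: bytes) -> bool:   # 3a/3b
        rand1, self.challenge = self.challenge, None
        if rand1 is None or not hmac.compare_digest(
                mac_s, hmac.new(self.s_key, rand1, "sha256").digest()):
            return False
        rand2 = rsa_apply(self.priv, enc_rand2).to_bytes(8, "big")
        self.k = derive_key(rand1, rand2)                       # card's copy of K (43)
        return True

    def give_random(self, rand4: bytes) -> None:                # 5a/5b
        self.rand4 = rand4

    def pso_decrypt(self, enc_code: int, spec: bytes, tag: bytes):   # 6a/6b
        self.last_6a = (enc_code, spec, tag)                    # kept only for the replay demo
        rand3, self.challenge = self.challenge, None            # rand3 is accepted once
        if (self.k is None or rand3 is None or spec != SPEC
                or not hmac.compare_digest(tag, mac(self.k, rand3, spec))):
            return None
        code = rsa_apply(self.priv, enc_code).to_bytes(8, "big")
        return code, mac(self.k, self.rand4, code)

def grant_access(license_info, card: SmartCard, pub_tp, s_key: bytes):
    """Computer 20. Returns the decrypted license code, or None if any check fails."""
    enc_code, pub_sc, sig_tp = license_info
    if not rsa_verify(pub_tp, license_body(enc_code, pub_sc), sig_tp):
        return None
    rand1 = card.get_challenge()
    rand2 = secrets.token_bytes(8)
    enc_rand2 = rsa_apply(pub_sc, int.from_bytes(rand2, "big"))
    if not card.mutual_authenticate(enc_rand2, hmac.new(s_key, rand1, "sha256").digest()):
        return None
    k = derive_key(rand1, rand2)                                # host's copy of K (24)
    rand3 = card.get_challenge()                                # binds the 6a command
    rand4 = secrets.token_bytes(8)                              # binds the 6b response
    card.give_random(rand4)
    result = card.pso_decrypt(enc_code, SPEC, mac(k, rand3, SPEC))
    if result is None:
        return None
    code, tag = result
    return code if hmac.compare_digest(tag, mac(k, rand4, code)) else None

def demo():
    pub_tp, priv_tp = rsa_keypair((1 << 89) - 1, (1 << 107) - 1)
    pub_sc, priv_sc = rsa_keypair((1 << 31) - 1, (1 << 61) - 1)
    s_key = b"shared-key-S"                                     # constructed; need not be secret
    card = SmartCard(priv_sc, s_key)
    lic = issue_license(priv_tp, pub_sc, b"LIC-2004")           # constructed license code
    granted = grant_access(lic, card, pub_tp, s_key)
    replayed = card.pso_decrypt(*card.last_6a)                  # same 6a again: rand3 is gone
    forged = grant_access((lic[0], lic[1], lic[2] ^ 1), card, pub_tp, s_key)
    return granted, replayed, forged
```

demo() returns the license code recovered by the host on a clean run, None for the replayed message 6a (the card has already consumed rand3, so the tag no longer matches anything it will accept) and None for the license information with the altered sig_TP, which is rejected before any card command is issued. The MAC_S over rand1 is sent beside the encrypted rand2 rather than inside it, a simplification of the SM_enc_SC(MutAuth( )) command that does not change which checks each side performs.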

Control of the execution of the method for granting access to protected software or a computer-based object is implemented by means of a control program which can be loaded into a working memory of the computer 20 and which has at least one code section. Upon execution of this code section, the generation of a symmetric key from a first random number generated by a memory card having a program code processor and from a second random number provided by the computing device is initiated first. Next to be initiated is a transmission, to the memory card, of a license code encrypted by means of the public key assigned to the memory card and of a specification, provided with a hash value encrypted using the symmetric key, of a function that is to be executed by the memory card for decrypting the license code. Additionally initiated upon execution is a decryption of the encrypted hash value by the memory card and a check for agreement with a hash value computed for the specification of the function to be executed by the memory card. If the result of the check is positive, an execution of the function for decryption of the license code by the memory card and a transmission of the decrypted license code to the computer 20 are then initiated. Finally, upon execution of the code section, the decrypted license code is provided at least temporarily by the computer 20 for accessing the computer-based object.

The use of the present invention is not restricted to the exemplary embodiment described here.

1-10. (canceled)
11. A method for granting access to a computer-based object, comprising: providing a memory card comprising a program code processor; assigning a public and private key to the memory card; storing the public and private key assigned to the memory card on the memory card; providing license information comprising a license code encrypted by the public key assigned to the memory card at a computing device that controls the access to the computer-based object; generating a symmetric key which is available to the memory card and the computing device from a first random number generated by the memory card and from a second random number provided by the computing device; transmitting the encrypted license code and a specification of a function to be executed by the memory card for decrypting the encrypted license code, which is provided with a hash value encrypted using the symmetric key, to the memory card; decrypting the encrypted hash value by the memory card and checking for agreement with a hash value computed for the specification of the function to be executed by the memory card for decrypting the encrypted license code; and executing a function for decrypting the encrypted license code by the memory card and transmitting the decrypted license code to the computing device if a result of the check is in agreement, wherein the decrypted license code provides at least temporary access to the computer-based object.
12. The method as claimed in claim 11, wherein a public key of a trusted party is provided and protected against manipulations at the computing device, wherein the license information is digitally signed by a private key of the trusted party, and wherein the digital signature of the license information is checked in the computing device with the public key of the trusted party.
13. The method as claimed in claim 11, wherein the decrypted license code is provided with a hash value encrypted using the symmetric key, and wherein the encrypted hash value of the decrypted license code is decrypted in the computing device and checked for agreement with a hash value computed for the decrypted license code.
14. The method as claimed in claim 11, wherein the symmetric key is only valid for one access-granting transaction and is regenerated for each new access request.
15. The method as claimed in claim 11, wherein the license information additionally comprises the public key assigned to the memory card, wherein the first random number is transmitted, digitally signed by the private key assigned to the memory card, to the computing device, wherein the digital signature of the first random number is checked in the computing device with the public key assigned to the memory card, and wherein the second random number is transmitted, encrypted by the public key of the memory card, to the memory card and decrypted there.
16. The method as claimed in claim 11, wherein the encrypted license code and the specification, provided with the hash value encrypted using the symmetric key, of the function to be executed by the memory card for decrypting the encrypted license code are transmitted via a secure communications link from the computing device via a reading device to the memory card.
17. The method as claimed in claim 11, wherein a third random number is generated by the memory card and transmitted to the computing device, wherein a hash value, which is encrypted by the symmetric key and the third random number, is computed by the computing device for the specification of the function to be executed by the memory card for decrypting the encrypted license code and transmitted in encrypted form to the memory card, and wherein the hash value encrypted by the symmetric key and the third random number is decrypted by the memory card and checked for agreement with a hash value computed for the specification of the function to be executed by the memory card for decrypting the encrypted license code.
18. The method as claimed in claim 17, wherein a fourth random number is generated in the computing device and transmitted to the memory card, wherein a hash value, which is encrypted by the symmetric key and the fourth random number, is computed by the memory card for the decrypted license code and transmitted in encrypted form to the computing device, and wherein the hash value encrypted by the symmetric key and the fourth random number is decrypted in the computing device and checked for agreement with a hash value computed for the decrypted license code.
19. The method as claimed in claim 11, wherein the decrypted license code and a check process sequence are aligned with a respective reference specification for granting the access to the computer-based object.
20. The method as claimed in claim 11, wherein the computer-based object is selected from the group consisting of: operating systems, control or application programs, services provided by operating systems, functions or procedures, access rights to peripheral devices, and data residing on a storage medium.
21. A control program loaded into a working memory of a computing device and having a code section, comprising: a code that generates a symmetric key from a first random number generated by a memory card having a program code processor and from a second random number provided by the computing device; a code that transmits a license code and a specification to the memory card, wherein the license code is encrypted by a public key assigned to the memory card, and wherein the specification, provided with a hash value encrypted using the symmetric key, is of a function to be executed by the memory card for decrypting the encrypted license code; a code that decrypts the encrypted hash value by the memory card and checks for agreement with a hash value computed for the specification of the function to be executed by the memory card for decrypting the encrypted license code; and a code that executes a function for decrypting the encrypted license code by the memory card and transmits the decrypted license code to the computing device if a result of the check is in agreement, wherein the decrypted license code provides at least temporary access to the computer-based object by the computing device.